Different ways to disable password login on FreeBSD

What is the difference between:

pw lock <user>

pw mod user <user> -w no

They both accomplish the same thing: disabling password-based login. But why would I choose one over the other?

Answer 1

From the pw(8) man page (this is always the first place you should look when you have a question about a program! man pw):

USER LOCKING
     The pw utility supports a simple password locking mechanism for users; it
     works by prepending the string `*LOCKED*' to the beginning of the pass-
     word field in master.passwd to prevent successful authentication.

     The lock and unlock commands take a user name or uid of the account to
     lock or unlock, respectively.  The -V, -C, and -q options as described
     above are accepted by these commands.

(Regarding the part about usermod, I guess you meant mod user)

 -w method   The -w option selects the default method used to set pass-
     words for newly created user accounts.  method is one of:

       no      disable login on newly created accounts
       yes     force the password to be the account name
       none    force a blank password
       random  generate a random password

     The `random' or `no' methods are the most secure; in the
     former case, pw generates a password and prints it to std-
     out, which is suitable when users are issued passwords
     rather than being allowed to select their own (possibly
     poorly chosen) password.  The `no' method requires that the
     superuser use passwd(1) to render the account accessible
     with a password.

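So, lock can be reverted with unlock; usermod <user> -w no will delete the password, and the admin needs to set a new one and tell the user (possibly including sending it over an untrusted medium).

Answer 2

After some testing, and based on feedback from the comments and the man page, these are my results:

  • "lock" keeps the original password field and prepends the lock marker to it, which allows the operation to be "undone" and leaves the original password intact. However, a locked user cannot log in over SSH with key-based authentication.
  • The "-w no" option sets the password field to "*", which disables any form of password-based login. However, this does not prevent SSH-based access using key-based authentication!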
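
The two password-field states described in the answers above can be told apart by inspecting the second field of master.passwd. The following is an added example, not part of the original posts: a POSIX sh sketch whose function names and sample lines are constructed for illustration; on a real system the input would be /etc/master.passwd, read as root.

```shell
#!/bin/sh
# Added example: classify the password field of master.passwd-format lines.

# classify_pwfield FIELD -> locked | no-password | blank | hash | other
classify_pwfield() {
    case "$1" in
        '*LOCKED*'*) echo locked ;;       # pw lock: marker prepended, old field kept
        '*')         echo no-password ;;  # -w no: field is only "*", no hash left
        '')          echo blank ;;        # -w none: blank password
        '$'*)        echo hash ;;         # crypt(3)-style hash, e.g. $6$...
        *)           echo other ;;
    esac
}

# unlocked_field FIELD -> the field with the *LOCKED* marker stripped,
# i.e. the value that stays in place behind the marker.
unlocked_field() {
    printf '%s\n' "${1#\*LOCKED\*}"
}

# audit_passwd: reads master.passwd-format lines on stdin,
# prints "user state" for every account line.
audit_passwd() {
    while IFS=: read -r name pwfield rest; do
        case "$name" in ''|'#'*) continue ;; esac   # skip blanks and comments
        printf '%s %s\n' "$name" "$(classify_pwfield "$pwfield")"
    done
}

# Constructed sample input (not real accounts or real hashes).
sample_lines() {
    cat <<'EOF'
# constructed sample, master.passwd layout
alice:$6$constructedsalt$constructedhash:1001:1001::0:0:Alice:/home/alice:/bin/sh
bob:*LOCKED*$6$constructedsalt$constructedhash:1002:1002::0:0:Bob:/home/bob:/bin/sh
carol:*:1003:1003::0:0:Carol:/home/carol:/bin/sh
dave::1004:1004::0:0:Dave:/home/dave:/bin/sh
EOF
}

sample_lines | audit_passwd
```

Accounts reported as no-password are the ones Answer 2 describes as still reachable over SSH with a key, so their authorized_keys files are worth reviewing separately.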
